package com.ninelock.handler;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.ninelock.utils.JsonUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.CrossOrigin;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;

@Slf4j
@Component()
@CrossOrigin()
public class AppLoginInSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
  @Autowired private ObjectMapper objectMapper;
  @Autowired private PasswordEncoder passwordEncoder;
  @Autowired private ClientDetailsService clientDetailsService;
  @Autowired private AuthorizationServerTokenServices authorizationServerTokenServices;

  @Override
  public void onAuthenticationSuccess(
      HttpServletRequest request, HttpServletResponse response, Authentication authentication)
      throws IOException {
    log.debug(
        "【AppLoginInSuccessHandler】 onAuthenticationSuccess authentication={}", authentication);
    String header = request.getHeader("Authorization");
    if (header == null || !header.startsWith("Basic ")) {
      throw new UnapprovedClientAuthenticationException("请求头中无client信息");
    }
    String[] tokens = this.extractAndDecodeHeader(header);
    Assert.isTrue(tokens.length == 2, "tokens长度必须为2");
    String clientId = tokens[0];
    String clientSecret = tokens[1];
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
    if (clientDetails == null) {
      throw new UnapprovedClientAuthenticationException("clientId 对应的配置信息不存在" + clientId);
    } else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
      throw new UnapprovedClientAuthenticationException("clientSecret 不匹配" + clientId);
    }
    // 生成Token
    TokenRequest tokenRequest =
        new TokenRequest(new HashMap<>(), clientId, clientDetails.getScope(), "custom");
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
    OAuth2Authentication oAuth2Authentication =
        new OAuth2Authentication(oAuth2Request, authentication);
    OAuth2AccessToken token =
        authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
    response.setContentType("application/json;charset=UTF-8");
    response.getWriter().write(objectMapper.writeValueAsString(token));
    log.debug("token={}", JsonUtils.objectToJson(token));
  }
  /**
   * 解码
   *
   * @param header
   * @return
   */
  private String[] extractAndDecodeHeader(String header) {
    byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);
    byte[] decoded;
    try {
      decoded = Base64.getDecoder().decode(base64Token);
    } catch (IllegalArgumentException var7) {
      throw new BadCredentialsException("Failed to decode basic authentication token");
    }
    String token = new String(decoded, StandardCharsets.UTF_8);
    int delim = token.indexOf(":");
    if (delim == -1) {
      throw new BadCredentialsException("Invalid basic authentication token");
    } else {
      return new String[] {token.substring(0, delim), token.substring(delim + 1)};
    }
  }
}
